Account Collector for Authentication Manager is not reading Disabled Accounts correctly in Identity Governance and Lifecycle 7.0.0.
2 years ago
Originally Published: 2016-12-16
Article Number
000065805
Applies To
RSA Product Set: Identity Management and Governance
Product Name: Identity Governance and Lifecycle
RSA Version:  7.0.0, 7.0.1 
Platform: Any

 
Issue
We have Authentication Manager connecting directly to Identity Governance and Lifecycle 7.0.0, but it is not reading disabled accounts correctly. There is an “Is Disabled” field for all collected accounts, and each has its value set to “No” even though those accounts are in disabled status in Authentication Manager.



 
Resolution
If the account status is not collected during account collection using the correct query, IG&L by default marks the account status as ‘Is Disabled=No’.
For example, in the ADC configuration, under the ‘Mapping for Accounts Attributes’ section, no DB column is mapped to the ‘Account Disabled’ attribute.

To retrieve account status information from Authentication Manager, you can use a query expression such as the following:
CASE WHEN prin_data.enable_flag = 'true' THEN 0 ELSE 1 END as account_status

Mapping the DB column ‘account_status’ to ‘Disabled Accounts’ and recollecting the accounts using the ADC resolves the issue. The value of "Is Disabled" will then show as 'yes'.
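
The following is an added example, not part of the original article or RSA's code. It runs the article's CASE expression against constructed rows in an in-memory SQLite table to compare the unmapped default with the mapped result; the table name am_principal, the loginid column and the sample rows are assumptions.

```python
import sqlite3

# The CASE expression from the article, unchanged.
STATUS_EXPR = ("CASE WHEN prin_data.enable_flag = 'true' "
               "THEN 0 ELSE 1 END as account_status")

# Constructed sample rows. The table name am_principal and the loginid
# column are assumptions; only prin_data.enable_flag comes from the article.
SAMPLE_ROWS = [
    ("alice", "true"),   # enabled
    ("bob", "false"),    # disabled
    ("carol", None),     # flag missing
    ("dave", "TRUE"),    # unexpected casing
]


def collect(map_account_disabled):
    """Return {account: 'Yes' | 'No'} for the "Is Disabled" field."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE am_principal (loginid TEXT, enable_flag TEXT)")
    con.executemany("INSERT INTO am_principal VALUES (?, ?)", SAMPLE_ROWS)
    columns = "prin_data.loginid"
    if map_account_disabled:
        columns += ", " + STATUS_EXPR
    rows = con.execute(
        f"SELECT {columns} FROM am_principal prin_data ORDER BY loginid"
    ).fetchall()
    con.close()
    result = {}
    for row in rows:
        # With no column mapped, the article says the status defaults
        # to Is Disabled = No for every account.
        disabled = row[1] if map_account_disabled else 0
        result[row[0]] = "Yes" if disabled == 1 else "No"
    return result


def changed_accounts(before, after):
    """Accounts whose "Is Disabled" value differs between two collections."""
    return sorted(name for name in after if before.get(name) != after[name])


if __name__ == "__main__":
    unmapped = collect(map_account_disabled=False)
    mapped = collect(map_account_disabled=True)
    print("unmapped:", unmapped)
    print("mapped:  ", mapped)
    # ELSE 1 reports anything other than the exact string 'true' as disabled,
    # including NULL and 'TRUE' under SQLite's case-sensitive comparison.
    print("changed: ", changed_accounts(unmapped, mapped))
```

The source database may compare enable_flag differently from SQLite, so after recollecting, spot-check a few accounts known to be disabled and a few known to be enabled in Authentication Manager.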